Product Security Specialist

Vizrt Group is the world’s leading provider of software defined visual storytelling tools. On our journey to help our customers tell “More stories, better told” we are looking for a Product Security Specialist to join our Product Development department.
About the role
The role requires deep knowledge of the various security assurance activities in a Secure Software Development Lifecycle, history of applying that information across a variety of software delivery methodologies and proven expertise in mentoring product development teams, architects, and testers.This role will work closely with the different R&D teams, Product Management and IT as we develop advanced defences to counter identified security threats.
List of duties
Responds to security alerts towards Vizrt products, tracks and documents security issues and requests, actively monitors work queue.
Creates and coordinates completion of detailed security reports to fulfill audit, management or business owner requirements.
Work closely with development teams in pre-implementation activities to assess application security.
Develop and maintain a program that informs Product Owners and R&D management of the top security risks and overall security health of their products.
Work with the development teams and other leaders to ensure security assurance activities occur during the software development lifecycle and appropriate security mitigations are integrated into the product.
Develop and drive approaches to identify and prevent security vulnerabilities earlier in the development process in an automated scalable manner and work with R&D to deploy and utilize these approaches.
Acts as lead liaison for internal and external audit requests and activities. Leads remedial activities as the result of audit findings.
Provides subject matter expertise, leadership and guidance to development teams and on security policies, standards and procedures and processes.
Develops training content as needed.



Experience
Must have deep understanding of development methodologies, developer tools and processes.
Must have an advanced understanding of Information Security concepts, protocols, industry best practices, and regulatory requirements.
Must demonstrate expertise with security management tools
Must have in-depth knowledge of Information Technology field and computer systems.
Should have advanced proficiency of Windows, UNIX/Linux security and tools used to administer security in these environments
Should have advanced proficiency with database security and tools used to administer security within the various databases, e.g., UDB, DB2, SQL and Oracle
Proven ability to adapt to change and collaborate as part of a team.
Proven understanding of security and privacy regulations and standards is desirable.
Demonstrated experience dealing with security challenges and issues confronting a large, geographically distributed, departmentally diverse, global, public-facing organization.



What we expect from you
Ability to perform and mentor team members in all security assurance activities in the SSDLC from concept through to release including architecture and design reviews, threat modelling, use of appropriate tools and code reviews.
Ability to manage tasks independently without close supervision and take ownership of responsibilities.
Strong communications skills with all levels of an organization, including executive and front-line employees.
Expertise and thought leadership across all aspects of SSDLC.
Working without daily supervision to meet stakeholders’ expectations.
Advanced analytical thinking, problem solving, quantitative analysis ability.
High critical thinking skills to evaluate alternatives and present solutions that are consistent with business objectives and strategy.



Required Professional Experience:
15+ years of overall professional experience.
5+ years of management experience.
3+ years of experience in Penetration Testing and finding product and deployment vulnerabilities.
Required Education:
Related Bachelor's degree in an IT related field or relevant work experience
Required Certification:
CISSP, CISM, CISA or other related credentials